CVE-2025-7925

A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Banquet Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument userlogin/userpassword leads to cross site scripting. The attac...

RHEL 10 : glibc (RHSA-2025:11066)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:11066 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cac...

Firebox T15 contains an issue with hidden functionality

Overview Firebox T15 provided by WatchGuard Technologies contains the following vulnerability. Hidden functionality CWE-912 - CVE-2025-4106 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker may log...

VulnCheck KEV: CVE-2025-34068

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...

CVE-2025-7466

A vulnerability, which was classified as critical, has been found in 1000projects ABC Courier Management 1.0. Affected by this issue is some unknown functionality of the file /adddealerrequest.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely...

PT-2025-29325 · Code Projects · Job Diary

Name of the Vulnerable Software and Affected Versions: code-projects Job Diary version 1.0 Description: A critical issue exists in code-projects Job Diary 1.0, affecting an unknown functionality within the /search.php file. The Search argument is susceptible to SQL injection, allowing for remote...

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15504)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from bypassing the process startup SA and using distributed...

[SECURITY] Fedora 41 Update: sudo-1.9.17-2.p1.fc41

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

[SECURITY] Fedora 41 Update: rust-nu-cli-0.99.1-6.fc41

CLI-related functionality for Nushell...

[SECURITY] Fedora 42 Update: rust-clearscreen-4.0.1-2.fc42

Cross-platform terminal screen clearing...

CVE-2025-7210

The CVE-2025-7210 entry concerns code-projects/Fabian Ros Library Management System 2.0, where the admin/profile_update.php function is vulnerable due to improper handling of the photo parameter, enabling unrestricted file upload. This is described as a remote, publicly disclosed exploit with pot...

PT-2025-28896 · Ibm · Ibm Openpages

Name of the Vulnerable Software and Affected Versions: IBM OpenPages version 9.0 Description: IBM OpenPages 9.0 is susceptible to the disclosure of sensitive information. This is due to insufficient security measures implemented for specific REST API endpoints associated with the workflow...

CVE-2025-7196

A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The manipulation of the argument Search leads to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-7170 code-projects Crime Reporting System registration.php sql injection

A vulnerability classified as critical was found in code-projects Crime Reporting System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit ha...

PT-2025-28291 · Sap · Sap Data Services Management Console

Name of the Vulnerable Software and Affected Versions: SAP Data Services Management Console affected versions not specified Description: The issue is related to a Cross-Site Scripting vulnerability in the search functionality associated with DQ job status reports. An authenticated attacker could...

CVE-2025-34088

An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The nettools.php functionality allows authenticated users to execute arbitrary OS commands via the selectips parameter when performing network tools operations, such as pinging. This occurs becau...

PT-2025-27890 · Unknown · Gopiplus Card Flip Image Slideshow

Name of the Vulnerable Software and Affected Versions: gopiplus Card flip image slideshow versions 1.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based Cross-site Scripting XSS. This means that an attacker cou...

CVE-2025-24332 Authenticated admin user can connect baseband internally from one board to another without needing to re-authentication

Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the baseband capacity board...

RHEL 7 : glibc (RHSA-2025:10220)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10220 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cach...

RHEL 9 : mod_proxy_cluster (RHSA-2025:9997)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9997 advisory. The modproxycluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: modproxycluster:...